A ‘Remote Control’ device for eKYC

Should a business acquaintance know your home address? Your date of birth? How about if they’re in possession of a scanned copy of your driver’s license?

Probably not, especially if you haven’t given that information to them. Why would you?

My thoughts exactly when I found myself in conversation with a business acquaintance who was telling me about their High School years, which led me to say “We must be around the same age”, to which the response was a nonchalant “…you’re six months older”.

Hmm…how did he know that? Awkward conversation followed.

What had happened was he’d been copied on an email with a scanned copy of my driver’s license. This acquaintance worked in one of the Big Four Australian Banks that was planning to deploy Safetronic Mobile MFA and I was temporarily working on-site to help them. As such, they needed to onboard me, and ‘email’ was their answer to eKYC.

I had given the license to the relevant onboarding person, and they had decided to copy about a dozen other people on the project when they forwarded it to the external company doing the background checks. The aforementioned business acquaintance didn’t need to be in possession of a scanned copy of anyone’s identity documents.

Interestingly, I recall initially sending a redacted version only showing the name and photo ID as the proof-of-identity, but they would not accept that in any form other than in the clear. Wouldn’t even accept a password-protected image file.

“You will be assimilated… Resistance is futile.” — The Borg

There was a lesson in this experience

One that would carry into the Safetronic eKYC design as key features: Privacy, User Consent, and Granularity (Redaction & Metadata) of the identity data released.

‘Privacy’ achieved through how the eKYC identity data is collected, stored, and moved around. No more emailing identity documents as attachments or uploading files through websites. Instead, collected by the user through their mobile phone and securely stored as an ‘identity token’ that is entirely under the control of that user. No server honeypot to expose everyone’s identity information.

‘User Consent’ analogous to a ‘Universal Remote Control’ put in the user’s hand, giving full control of who gets to see their identity data. Explicit ‘User Consent’ before release of any identity information on every request. The user’s mobile phone is turned into an ‘identity token’ for eKYC and used as a ‘Remote Control’ to authorise release of identity data, coupled with a full audit trail of tamper-evident logs of all identity requests and user consents.

‘Granularity’ in the user consent of identity data that is released, effectively ‘redacting’ identity information given to the requesting party and introducing the concept of ‘metadata’ in identity, where the level of granularity can be narrowed down to individual identity attributes.

‘Redaction’ of certain identity attributes – e.g. if a driver’s license is being used as a proof-of-identity where the identity attributes of interest are the name, photo-ID and address, then the requesting party doesn’t need to know other information that’s on the license, so the information is redacted and only the relevant identity information released.

‘Metadata’ or meta-identity data to enable the requesting party to verify an identity attribute without divulging the actual data – e.g. proof-of-age that the person is 18+ versus the need to know the exact day, month, and year of birth.

It is important to highlight that eKYC using granular, redacted, or meta-identity data is based on the premise that all the identity attributes have been pre-validated, because the validation of proof-of-identity documents against government records (through a DVS) typically requires all the attributes to be present. After DVS validation, a relying party can trust that identity attributes released at a granular level are pre-validated.
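The consent, redaction, metadata and audit ideas above, sketched as an added example (not Safetronic code). The record layout, attribute names, `age_over_18` predicate and the hash-chained log are all assumptions made for illustration, and the sample record is constructed.

```python
import hashlib, json
from datetime import date

# Constructed sample record held on the user's device (all values are made up).
RECORD = {
    "dvs_validated": True,  # the whole document was checked before any release
    "attributes": {"name": "Alex Example", "date_of_birth": "1980-02-29",
                   "address": "1 Sample St, Sydney NSW", "licence_number": "X0000000"},
}

def age_on(dob_iso, today):
    dob = date.fromisoformat(dob_iso)
    return today.year - dob.year - ((today.month, today.day) < (dob.month, dob.day))

# Meta-identity attributes: derived answers that never expose the source value.
DERIVED = {"age_over_18": lambda attrs, today: age_on(attrs["date_of_birth"], today) >= 18}

def _digest(prev, entry):
    return hashlib.sha256((prev + json.dumps(entry, sort_keys=True)).encode()).hexdigest()

def append_audit(log, entry):
    """Chain each entry to the previous hash so a later edit is evident."""
    prev = log[-1]["hash"] if log else "0" * 64
    log.append({"entry": entry, "prev": prev, "hash": _digest(prev, entry)})

def verify_audit(log):
    prev = "0" * 64
    for item in log:
        if item["prev"] != prev or item["hash"] != _digest(prev, item["entry"]):
            return False
        prev = item["hash"]
    return True

def release(record, requester, requested, consented, today, log):
    """Return only attributes that were both requested and consented to."""
    if not record["dvs_validated"]:
        raise ValueError("granular release requires a pre-validated record")
    out = {}
    for attr in requested:
        if attr not in consented:
            continue  # redacted: the user did not approve this attribute
        if attr in DERIVED:
            out[attr] = DERIVED[attr](record["attributes"], today)
        elif attr in record["attributes"]:
            out[attr] = record["attributes"][attr]
    append_audit(log, {"requester": requester, "requested": sorted(requested),
                       "released": sorted(out), "date": today.isoformat()})
    return out
```

Each request leaves one log entry listing what was asked for and what was released, so a relying party asking for more than the user approved is visible in the trail.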


Trust levels

Safetronic eKYC associates a ‘Trust Level’ with each identity attribute so that the relying party can determine the degree of pre-validation that has occurred on each identity attribute. A deeper dive into the Safetronic eKYC ‘Trust Levels’ concept is perhaps best deferred for another article.

But going back to the anecdote at the beginning of this article – had that organisation been using Safetronic eKYC – I would have captured my driver’s licence through the Safetronic eKYC identity token (mobile app) and given the onboarding person the reference to my eKYC token, where its distribution via emailing (with the dozen people copied) would not have divulged any of my identity information.

The external company doing the background checks would have used the eKYC token to request the release of my identity information from me directly – where I would have simply received a request on my identity token mobile app so that I would know who’s asking, what identity attributes they’re asking for etc. and I would have given consent through the identity token app.

This highlights the use case for the ‘privacy’ and ‘user-consent’ features of Safetronic eKYC.

Alternatively, if the Safetronic eKYC identity token had been pre-validated then the organisation could have made an identity request on ‘granular’ attributes such as my name and photo (cropped from the photo-ID) which would have ‘redacted’ other information on the driver’s licence.

Safetronic eKYC with the features highlighted in this article and the use of an eKYC identity token for user consent-driven authorisation to release identity information opens up quite a few interesting use cases that will be covered in the coming articles.